On 03/06/16 04:32, Michael Paquier wrote:
> On Fri, Jun 3, 2016 at 11:23 AM, Sameer Kumar <sameer.kumar@ashnik.com> wrote:
>>
>>
>> On Fri, Jun 3, 2016 at 4:30 AM Stephen Frost <sfrost@snowman.net> wrote:
>>>
>>> * Sameer Kumar (sameer.kumar@ashnik.com) wrote:
>>>> On Fri, 3 Jun 2016, 12:14 a.m. Alex Ignatov, <a.ignatov@postgrespro.ru>
>>>> wrote:
>>>>> Can I list all WAL files in pg_xlog by using some sql query in
>>>>> Postgres?
>>>>
>>>> Try
>>>>
>>>> Select pg_ls_dir('pg_xlog');
>>>
>>> Note that this currently requires superuser privileges.
>>>
>>> Given the usefulness of this specific query and that it could be used
>>> without risk of the user being able to gain superuser access through it,
>>> I'd like to see a new function added which does not have the superuser
>>> check, but is not allowed to be called by public initially either.
CREATE FUNCTION ls_dir(text)
RETURNS SETOF text
LANGUAGE sql
SECURITY DEFINER
AS 'select * from pg_ls_dir($1)';
>> Can I not wrap it around another user defined function with SECURITY DEFINER
>> and grant privilege to specific users who can use it?
Yes, as shown above.
> pg_ls_dir() has a check on superuser() embedded in its code.
So what? That's what SECURITY DEFINER is all about.
--
Vik Fearing +33 6 46 75 15 36
http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support